Federal pilot programs based on FedRAMP 20x secure four initial approvals, marking an initial success.
The FedRAMP 20x program, launched earlier this year, is making significant strides in streamlining and automating the cloud service authorization process for federal agencies. The initiative aims to accommodate thousands of cloud services needed by these agencies, drastically scaling the FedRAMP marketplace and improving speed by employing automation and reducing bureaucracy [1][3][5].
Progress:
As of late July 2025, four cloud service offerings have received FedRAMP 20x authorizations, marking the first milestone since the program's relaunch [1]. The Phase One Pilot for Low impact level authorizations is well underway, with several cloud providers authorized and submissions actively reviewed. The public submission period for this phase closes on August 19, 2025 [3]. Demonstrations and community engagements are ongoing to share pilot experiences and foster adoption [3].
Goals:
The FedRAMP 20x program seeks to support rapid, automated authorization workflows to enable agencies to scale their use of cloud services efficiently. It also addresses the need for secure cloud offerings across all impact levels (Low, Moderate, High) and aims to reduce the IT infrastructure footprint directly managed by agencies by broadening their access to cloud services under FedRAMP [1][5].
Expected Timelines:
Phase One, focusing on Low impact level authorizations, is concluding submissions this month (August 2025) [3]. While specific timelines for Moderate and High authorizations under 20x have not been explicitly stated, it is anticipated that they will follow as subsequent phases once low-level pipeline and process improvements are proven [1][3][5].
The 20x process aims to provide a report that shows vendors have met 80% of the requirements with a single press of a button. The new vulnerability management standards, expected to bring FedRAMP closer to private sector best practices for security, aim to provide future guidance on having a clear, consistent approach to identifying and addressing vulnerabilities [1][3][5].
Pete Waterman, the director of the FedRAMP program, has stated that the program is an entirely different program than the one that existed a year ago. Four vendors have already received low authorizations under FedRAMP within the first four months of the pilot [1]. The FedRAMP program management office is accepting phase one pilot 20x applications until Aug. 19 [3].
The 20x pilot aims to make the authorization process better, faster, and cheaper. There are about 14 cloud services packages already in the queue under this pilot. The average agency authorization review queue remains under 15 cloud services with a typical review time of under five weeks [1][3][5].
In summary, FedRAMP 20x is actively delivering Low impact level pilot authorizations with further phases for Moderate and High levels expected but not yet fully underway. The initiative aims to significantly speed federal cloud authorization through automation and streamlined processes in the coming months and years [1][3][5].
The reimagined workforce is actively employing data-and-cloud-computing technologies to drive the automation and streamlining of theauthorization process within the federal workforce, particularly with the FedRAMP 20x program, which is anticipated to provide a faster, better, and cheaper authorization process for federal agencies. This program aims to reduce the IT infrastructure footprint directly managed by agencies by broadening their access to cloud services under FedRAMP, potentially accommodating thousands of cloud services needed by these agencies.
